openSUSE Security Update: Security update for nodejs-electron ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981 CVE-2021-37984 CVE-2021-37987 CVE-2021-37989 CVE-2021-37992 CVE-2021-37996 CVE-2021-37998 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVSS scores: CVE-2021-30625 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30627 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30628 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30630 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-30632 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30633 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-37981 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-37984 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37987 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37989 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-37992 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37996 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-37998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38001 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38002 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-38003 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update for nodejs-electron fixes the following issues: - Fix webpack-4 with OpenSSL 3.0 Update to version 16.0.9 * https://github.com/electron/electron/releases/tag/v16.0.9 Update to version 16.0.8 * https://github.com/electron/electron/releases/tag/v16.0.8 - Add devel package with node headers (e.g. for node-gyp) - Update to version 16.0.7 * https://github.com/electron/electron/releases/tag/v16.0.7 - Update to version 15.3.3 * https://github.com/electron/electron/releases/tag/v15.3.3 - Update to version 13.6.3 https://github.com/electron/electron/releases/tag/v13.6.3 - Update to version 13.6.2 https://github.com/electron/electron/releases/tag/v13.6.2 - Fix for CVE-2021-37998 - Fix for CVE-2021-38001 - Fix for CVE-2021-38002 - Fix for CVE-2021-38003 - Do not build with H264 - Update to version 13.6.1 https://github.com/electron/electron/releases/tag/v13.6.1 - Fix for CVE-2021-37981 - Fix for CVE-2021-37984 - Fix for CVE-2021-37987 - Fix for CVE-2021-37989 - Fix for CVE-2021-37992 - Fix for CVE-2021-37996 - Update to version 13.5.1 https://github.com/electron/electron/releases/tag/v13.5.1 - Update to version 13.5.0 https://github.com/electron/electron/releases/tag/v13.5.0 - Fix for CVE-2021-30627 - Fix for CVE-2021-30631 - Fix for CVE-2021-30632 - Fix for CVE-2021-30625 - Fix for CVE-2021-30626 - Fix for CVE-2021-30628 - Fix for CVE-2021-30630 - Fix for CVE-2021-30633 - Version 13.4.0 - Update to version 13.1.8 * https://github.com/electron/electron/releases/tag/v13.1.8 - Update to version 13.1.7 * https://github.com/electron/electron/releases/tag/v13.1.7 - Update to version 13.1.6 * https://github.com/electron/electron/releases/tag/v13.1.6 * https://github.com/electron/electron/releases/tag/v13.1.5 - Update to version 13.1.4 * https://github.com/electron/electron/releases/tag/v13.1.4 * https://github.com/electron/electron/releases/tag/v13.1.3 - Build with vaapi support - Install missing vk_swiftshader_icd.json - Update to version 13.1.2 * https://github.com/electron/electron/releases/tag/v13.1.2 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-70=1 Package List: - openSUSE Backports SLE-15-SP3 (x86_64): nodejs-electron-16.0.9-bp153.2.1 nodejs-electron-devel-16.0.9-bp153.2.1 References: https://www.suse.com/security/cve/CVE-2021-30625.html https://www.suse.com/security/cve/CVE-2021-30626.html https://www.suse.com/security/cve/CVE-2021-30627.html https://www.suse.com/security/cve/CVE-2021-30628.html https://www.suse.com/security/cve/CVE-2021-30630.html https://www.suse.com/security/cve/CVE-2021-30631.html https://www.suse.com/security/cve/CVE-2021-30632.html https://www.suse.com/security/cve/CVE-2021-30633.html https://www.suse.com/security/cve/CVE-2021-37981.html https://www.suse.com/security/cve/CVE-2021-37984.html https://www.suse.com/security/cve/CVE-2021-37987.html https://www.suse.com/security/cve/CVE-2021-37989.html https://www.suse.com/security/cve/CVE-2021-37992.html https://www.suse.com/security/cve/CVE-2021-37996.html https://www.suse.com/security/cve/CVE-2021-37998.html https://www.suse.com/security/cve/CVE-2021-38001.html https://www.suse.com/security/cve/CVE-2021-38002.html https://www.suse.com/security/cve/CVE-2021-38003.html